package com.mobilesecuritycard.openmobileapi.service.security;

import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import com.mobilesecuritycard.openmobileapi.service.CardException;
import com.mobilesecuritycard.openmobileapi.service.IChannel;
import com.mobilesecuritycard.openmobileapi.service.ISmartcardServiceCallback;
import com.mobilesecuritycard.openmobileapi.service.ITerminal;
import com.mobilesecuritycard.openmobileapi.service.security.ara.AraController;
import java.io.ByteArrayInputStream;
import java.security.AccessControlException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.MissingResourceException;
import java.util.NoSuchElementException;

/* loaded from: classes.dex */
public class AccessController {
    protected final String ACCESS_CONTROLLER_TAG = "AccessController";
    protected final String ARA_ENFORCER = "Access Rule Enforcer: ";
    protected AraController mAraController;
    protected PackageManager mPackageManager;

    public AccessController(PackageManager packageManager) {
        this.mPackageManager = null;
        this.mAraController = null;
        this.mPackageManager = packageManager;
        this.mAraController = new AraController(this);
    }

    public static Certificate decodeCertificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static byte[] getAppCertHash(Certificate certificate) throws CertificateEncodingException {
        MessageDigest messageDigest = null;
        for (int i = 0; i < 10; i++) {
            try {
                messageDigest = MessageDigest.getInstance("SHA");
                break;
            } catch (Exception e) {
            }
        }
        if (messageDigest == null) {
            throw new AccessControlException("Hash can not be computed");
        }
        return messageDigest.digest(certificate.getEncoded());
    }

    public static byte[] getDefaultAccessControlAid() {
        return AraController.getAraMAid();
    }

    public void checkCommand(IChannel iChannel, byte[] bArr) {
        ChannelAccess channelAccess = iChannel.getChannelAccess();
        String reason = channelAccess.getReason();
        String str = reason.length() == 0 ? "Command not allowed!" : reason;
        if (channelAccess == null) {
            throw new AccessControlException("Access Rule Enforcer: Channel access not set");
        }
        if (channelAccess.isNoAccess()) {
            throw new AccessControlException("Access Rule Enforcer: " + str);
        }
        if (!channelAccess.isUseApduFilter()) {
            if (!channelAccess.isApduAccess()) {
                throw new AccessControlException("Access Rule Enforcer: APDU access NOT allowed");
            }
            return;
        }
        ApduFilter[] apduFilter = channelAccess.getApduFilter();
        if (apduFilter == null || apduFilter.length == 0) {
            throw new AccessControlException("Access Rule Enforcer: Access Rule not available: " + str);
        }
        for (ApduFilter apduFilter2 : apduFilter) {
            if (CommandApdu.compareHeaders(bArr, apduFilter2.getMask(), apduFilter2.getApdu())) {
                return;
            }
        }
        throw new AccessControlException("Access Rule Enforcer: Access Rule does not match: " + str);
    }

    public ChannelAccess enableAccessConditions(ITerminal iTerminal, byte[] bArr, String[] strArr, ISmartcardServiceCallback iSmartcardServiceCallback) {
        ChannelAccess channelAccess = null;
        if (this.mAraController != null) {
            try {
                channelAccess = this.mAraController.enableAccessConditions(iTerminal, bArr, strArr, iSmartcardServiceCallback);
            } catch (Exception e) {
                if (e instanceof MissingResourceException) {
                    throw new MissingResourceException("Access Rule Enforcer: " + e.getMessage(), "", "");
                }
                if (e instanceof NoSuchElementException) {
                    throw new NoSuchElementException("Access Rule Enforcer: access denied: " + e.getMessage());
                }
                throw new AccessControlException("Access Rule Enforcer: access denied: " + e.getMessage());
            }
        }
        if (channelAccess == null || !(channelAccess.isApduAccess() || channelAccess.isUseApduFilter())) {
            throw new AccessControlException("Access Rule Enforcer: no APDU access allowed!");
        }
        return channelAccess;
    }

    public Certificate[] getAPPCerts(String str) throws CertificateException, NoSuchAlgorithmException, AccessControlException, CardException {
        PackageInfo packageInfo;
        List<PackageInfo> installedPackages = this.mPackageManager.getInstalledPackages(4416);
        if (str == null || str.length() == 0) {
            throw new AccessControlException("Package Name not defined");
        }
        ArrayList arrayList = new ArrayList();
        Iterator<PackageInfo> it = installedPackages.iterator();
        while (true) {
            if (!it.hasNext()) {
                packageInfo = null;
                break;
            }
            packageInfo = it.next();
            if (str.equals(packageInfo.packageName)) {
                break;
            }
        }
        if (packageInfo == null) {
            throw new AccessControlException("Package does not exist");
        }
        Signature[] signatureArr = packageInfo.signatures;
        for (Signature signature : signatureArr) {
            arrayList.add(decodeCertificate(signature.toByteArray()));
        }
        return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
    }

    public boolean[] isNFCEventAllowed(ITerminal iTerminal, byte[] bArr, String[] strArr, ISmartcardServiceCallback iSmartcardServiceCallback) throws CardException {
        if (this.mAraController != null) {
            return this.mAraController.isNFCEventAllowed(iTerminal, bArr, strArr, iSmartcardServiceCallback);
        }
        return null;
    }
}
